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REMARKS 

Please reconsider the application in view of the above amendments and the following 
remarks. Applicant thanks the Examiner for carefully considering this application. 
Disposition of Claims 

Claims 1, 3-9, 11-14, 16, and 18-29 are pending in this application. Claims 1, 9, 16, and 24 
are independent. The remaining claims depend, directly or indirectly, from claims 1,9, 16, and 24. 
Claim Objections 

Claims 28 and 29 are objected to for minor informalities. In accordance with the 
Examiner's suggestions, claims 28 and 29 are amended to depend from independent claim 1. 
Accordingly, withdrawal of this objection is respectfully requested. 
Rejections under 35 U.S.C. § 103 

Claims 1, 3, 4, 8, 9, 11, 16, 18, 19, 23, and 24 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over U.S. Patent Application Publication No. 2002/0186238 ("Sylor") in view of 
European Patent Application EP1009130A1 ("Brun"), and further in view of U.S. Patent 
Application Publication No. 2002/0104015 ("Barzilai"). Claims 5, 6, 12, 13, 20, 21, 25, and 26 
stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Sylor in view of Brun, further in 
view of Barzilai and further in view of U.S. Patent Application Publication No. 2004/0125615 
("Carmel"). Claims 7, 14, 22, and 27 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Sylor in view of Brun, further in view of Barzilai and further in view of U.S. Patent No. 
6026440 ("Shrader"). These rejections are respectfully traversed. 

To establish a prima facie case of obviousness, under 35 U.S.C. § 103(a), "the prior art 
reference (or references when combined) must teach or suggest all the claim limitations." See 
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MPEP §2143.03. Further, "all words in a claim must be considered in judging the patentability of 

that claim against the prior art." See MPEP § 2 1 43 .03 . 

Turning to the rejection of the claims, claim 1 recites, in part, 

a policy definition comprises a rule that references said resource and comprises at 
least one action associated with the resource, a condition that comprises a 
constraint on the at least one action, a subject that defines a collection of users to 
whom the policy definition applies, and a referral that comprises an identification 
of a second policy decision point to which the evaluation of the policy definition is 
being delegated. 

Independent claims 9, 16, and 24 recite similar limitations. The Examiner admits that both Sylor 
and Brun fail to teach or suggest the cited limitations. See Office Action mailed February 15, 2007 
at pages 5-6. Instead, the Examiner relies on Barzilai as disclosing the aforementioned limitations 
of the independent claims. Applicants respectfully disagree. 

Specifically, Barzilai is directed toward privacy policies that are used to protect user 
submitted private information. A user submits private information to an enterprise subject to a 
privacy policy which is subsequently enforced when an application requests user information. 
Thus, the privacy policies disclosed in Barzilai are used when an application attempts to access 
private user information. See Barzilai at Abstract and paragraph [0012]. More specifically, the 
application which attempts to access user private information is checked to ensure that the 
application is compliant with the privacy policy subject to which the user submitted his/her private 
information. In contrast, the claimed invention recites that the customized policies are used when a 
user attempts to access a resource {e.g., an application). Thus, Barzilai uses privacy policies in the 
opposite manner from which customized policies are used in the claimed invention. Even 
assuming, arguendo, that the application of Barzilai is considered to be a user and that the private 
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user information requested by the application is equivalent to a resource, Applicants assert that 
Barzilai fails to teach or suggest the following limitations: 

(i) Barzilai fails to teach or suggest that the privacy policy associated with a node that 
contains user private information includes a rule that references the node and comprises 
at least one action associated with the resource. The cited portion of Barzilai only 
teaches a basis privacy policy that is defined for a root node in the enterprise 
information node structure. See Barzilai at paragraph [0013]. Neither the cited portion 
nor the rest of Barzilai teach that the basis privacy policy (or any other privacy policy) 
includes a rule and at least one action for the root node subject to the basis privacy 
policy; 

(ii) Barzilai fails to teach or suggest that a privacy policy includes a condition that places a 
constraint on the at least one action contained within the rule. In fact, because Barzilai 
fails to teach or suggest a rule comprising an action within a privacy policy, it follows 
that Barzilai cannot possibly teach or suggest placing a constraint on the action. The 
cited portion of Barzilai discloses a user request handler that manages privacy-related 
interactions with users. The user request handler supplies policy information retrieved 
by a policy engine. See Barzilai, paragraph [0070]-[0072], Clearly, supplying policy 
information is distinct from placing a constraint on an action to be performed on a 
resource. Simply supplying information does not, in any way, restrict how an action is 
performed on the enterprise information node or on the user private information 
contained within the node; 
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(Hi) Barzilai fails to teach or suggest that the privacy policy includes a subject that defines a 
collection of users to whom the policy definition applies. The Examiner cites 
paragraph [0014] of Barzilai as teaching the aforementioned limitation of the claimed 
invention. However, the cited portion of Barzilai only states that privacy policies can 
be adapted for different types of users. Stating that privacy policy is robust enough to 
apply to different types of users is not equivalent to defining a specific group of people 
within the privacy policy that indicates to which users the privacy policy applies. In 
fact, there is no need for Barzilai to teach or suggest including a subject as defined in 
the claimed invention within the privacy policy; once a privacy policy is set by a user 
for a particular node, the privacy policy applies to the user private information stored 
on that node. Thus, it does not make sense to define a group of users to which the 
privacy policies of Barzilai apply, because the privacy policies of Barzilai apply to the 
user private information stored on a node and not to one or more users; 

(iv) Finally, Barzilai fails to teach or suggest that the privacy policy includes a referral that 
identifies a second policy decision point to which the evaluation of the privacy policy is 
delegated. In fact, Barzilai does not even teach or suggest delegating the evaluation of 
a privacy policy. Rather, in Barzilai, each application that requests access to user 
private information is checked for compliance with the privacy policy. Access is 
granted to an application if application compliance with the privacy policy for that node 
is verified (see Barzilai, paragraph [0012]). There is nothing within the privacy policy, 
which indicates what component is to perform the verification. Even assuming, 
arguendo, that verification of application compliance is delegated to the enterprise node 
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that the application is attempting to access, the verification of application compliance is 
not delegated to a second policy decision point in Barzilai. Instead, there is only one 
enterprise node that can verify application compliance with the privacy policy for the 
particular user private information stored on the one enterprise node. 
In view of the above, it is clear that Sylor, Bnm, and Barzilai, whether considered separately 
or in combination, fail to render the independent claims of the present application obvious. Thus, 
independent claims 1, 9, 16, and 24 are patentable over Sylor, Brun, and Barzilai. Dependent 
claims 3-8, 1 1-14, 18-23, and 25-27, which depend directly or indirectly from independent claims 1, 
9, 16, and 24, are patentable over the cited art for at least the same reasons. Accordingly, 
withdrawal of this rejection is respectfully requested. 

Claim 28 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Sylor in view 
of Brun, further in view of Barzilai and further in view of Ramamoorthy and further in view of U.S. 
Patent No. 5544322 ("Cheng"). Applicants submit that this rejection is improper as the Examiner 
provided no identifying information for Ramamoorthy nor did the Examiner present any assertion of 
what Ramamoorthy discloses that may render any limitation of claim 28 obvious. Accordingly, 
withdrawal of this rejection is respectfully requested. Moreover, if the Examiner maintains this 
rejection, clarification is requested. 

Furthermore, to the extent that this rejection may apply to amended claim 28, this rejection 
is respectfully traversed. Claim 28, as amended, depends from independent claim 1, and is thus 
allowable for at least the same reasons. Accordingly, withdrawal of this rejection is respectfully 
requested. 
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Claim 29 stands rejected under "Official Note." Office Action dated February 15, 2007 at 
page 14. To the extent this rejection may apply to amended claim 29, this rejection is respectfully 
traversed. Claim 29, as amended, depends from independent claim 1 and is thus allowable for at 
least the same reasons. According, withdrawal of this rejection is respectfully requested. If the 
Examiner maintains this rejection, to the extent that the Examiner is relying on personal knowledge 
in taking Official Notice, Applicants respectfully request that the Examiner provide an affidavit of 
personal knowledge, pursuant to 37 C.F.R. § 1.104(d)(2). Alternatively, Applicants request that the 
Examiner cite appropriate prior art disclosing the noticed limitations. 



Applicants believe this reply is fully responsive to all outstanding issues and places this 
application in condition for allowance. If this belief is incorrect, or other issues arise, the Examiner 
is encouraged to contact the undersigned or his associates at the telephone number listed below. 
Please apply any charges not covered, or any credits, to Deposit Account 50-0591 (Reference 
Number 03226.497001). 

Dated: March 30, 2007 Respectfully submitted, 
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